An eye opening lesson in IT security

**NotAllThere** · 1 June 2013, 05:34

If you work for a large well known company, have a chat sometime with the network security team.

**Doggy Styles** · 1 June 2013, 08:32

They know everything and they are watching you.

**Mich the Tester** · 1 June 2013, 09:49

Originally posted by bobspud View Post

The last few days have been spent with a really cool hacker / security expert. In that time I have seen vast dumps of credit card details, entire password files with rainbow tables and the most scary of all the ID dumps of operatives taken from the Mosad bust up with Anonymous. One of the most concerning things that became apparent was the vast amounts of stolen data that is hiding in plain site on boards. Anyone that thinks that their IT security is working should probably go and do some digging out in the less savoury parts of the internet...

I am not surprised that the criminals are ripping the piss with some of the stuff out there...

We need to think about what information we store electronically.

**Wanderer** · 1 June 2013, 10:09

Originally posted by bobspud View Post

The last few days have been spent with a really cool hacker / security expert. In that time I have seen vast dumps of credit card details, entire password files with rainbow tables and the most scary of all the ID dumps of operatives taken from the Mosad bust up with Anonymous.

Much more concerning than that is the amount of data they collect about us every day from our mobile phone position, cctv, numberplate recognition and internet records....

**bobspud** · 1 June 2013, 10:51

Just the level 3 european network has somewhere in the region of 67Tb per second of capacity on its own. thats one network! When the government talk about listening to that sort of bandwidth when the best some of the guys in the field have is in the megabit range, you have to wonder who the idiots are that are suggesting it.

Its never going to be physically possible to handle taps on that data. And if the government tried it how hard would it be to flood the network with random noise? If you get to the bit where they ask the ISP to save all that web data and email.... I have 10 gmail accounts and they all have 10gb of mail capacity and given that the ISP will have to store that for 7 years you are talking about 125 copies stored per year with the typical rotation.

I am going into see a client next week to tell them that we found about 3 gigs of their data sat on paste bin and some associated sites. We found that much in 20 minutes while a sales presentation was on the go...

In short 20 minutes work got me enough inside information to earn more in a week of activity than the poor sap that takes this job will in several years...

Job: Urgent IT Security Expert Wanted up to £350/day - Technojobs

**doodab** · 1 June 2013, 12:46

Originally posted by bobspud View Post

Its never going to be physically possible to handle taps on that data.

It already is.

You can buy something that fits into a standard IBM blade rack and does deep packet inspection on 20Gbps from a company called cloudshield, who are owned by this lot. That's 280Gbps in 9u. They also sell a 4u box that can handle 120Gbps. I would expect that even better devices exist given that the latest generation of FPGAs can handle terabits of IO with a single chip and most of the big US defence contractors have been or are involved with developing deep packet inspection technology.

I'd be interested to know if something like this is wired up to major ingress and egress points or various places in between. The linx for example handles about 1.5Tbit/s peak traffic, which could all be scanned with a couple of racks worth of gear and e.g. every VOIP call captured. Obviously that wouldn't deal with stuff outside your borders, or stuff that doesn't transit that exchange, but most western countries have similar lawful intercept laws to the US, so they could easily compel a carrier to capture every packet going in or out of a particular broadband connection or similar.

Originally posted by bobspud View Post

And if the government tried it how hard would it be to flood the network with random noise?

Easy. Set up a site for IT contractors and post some daily mail links about AGW and economics

Originally posted by bobspud View Post

If you get to the bit where they ask the ISP to save all that web data and email....

What, this bit?

http://www.legislation.gov.uk/uksi/2.../contents/made

**Freamon** · 1 June 2013, 13:05

Originally posted by doodab View Post

You can buy something that fits into a standard IBM blade rack and does deep packet inspection on 20Gbps from a company called cloudshield, who are owned by this lot. That's 280Gbps in 9u. They also sell a 4u box that can handle 120Gbps. I would expect that even better devices exist given that the latest generation of FPGAs can handle terabits of IO with a single chip and most of the big US defence contractors have been or are involved with developing deep packet inspection technology.

Is that much use, given most of the packets they're interested in will be SSL encrypted data?

**OwlHoot** · 1 June 2013, 13:12

Originally posted by bobspud View Post

Just the level 3 european network has somewhere in the region of 67Tb per second of capacity on its own. thats one network! When the government talk about listening to that sort of bandwidth when the best some of the guys in the field have is in the megabit range, you have to wonder who the idiots are that are suggesting it. ...

WHS, but this obsession with logging IT comms by that bossy Home Secretary (I forget her name) has very little to do with terrorism but is much more about identifying council house and housing association sub-letters and cash-in-hand landlords, to try and winkle more tax out of them.

**doodab** · 1 June 2013, 13:25

Originally posted by Freamon View Post

Is that much use, given most of the packets they're interested in will be SSL encrypted data?

At that scale I'd guess they would be more concerned with who talks to whom and how often, who looks at which suspicious websites and what they looked at (can be inferred from response sizes) and looking for patterns, perhaps even working out where someone is physically located if they don't already know.

The other thing about ssl is that a man in the middle attack is pretty easy if you can fake certificates, so you need to look at who controls all of the certificate authorities you trust.

An eye opening lesson in IT security